IT Audit School Seminar: ID# 1264203
Agenda 1. Introduction To IT Audit
Audit Objectives And Requirements Role Of IT Within The Organization Management And Security Risks In An Automated Environment What Is A Control? Internal Control Defined Processes And Control Points Physical Space Vs. Logical Space Identifying Control Points 2. Planning The IT Audit
Definition Of Internal Audit Objectives Of An IT Audit IT Audit Strategies What Is An Application Application Vs. General Controls IT Audit Control Reviews IT Control Categories The Audit Deliverable Building The Audit Team 3. Auditing Organizations And Standards
Maintaining Audit Objectivity What Is A Standard? AICPA And SAS GAO And Other Certification Organizations The Institute Of Internal Auditors (IIA) The Treadway Commission COSO Integrated Framework ISACA And The IT Governance Institute COBIT®: Control Objectives For Information And Related Technology ISO 27002 Security Standard 4. Information Technology Basics
Computer Hardware And CPU Operation Two Different Classes Of Computers Software, Programs, And Processing Distributed Systems And Client/Server Technology The Open Systems Interconnection (OSI) Model Maintenance And Security 5. Network Technology And Controls
Networking Risks Auditing Networks What Is A Network? Lans, Wans, And Mans Physical Network Media (Cables) Cabling Audit Objectives LAN Protocols WAN Connectivity And Protocols MAN Protocols LAN/WAN/MAN Audit Objectives Network Devices Network Device Audit Objectives Complete Networks The Internet Intranets And Extranets Risks Of Internet Use For Business Using Firewalls Internet Communications Internet Protocol (IP) Addressing Service (Process) Addressing Internet Applications The World Wide Web (Www) Web Page Technologies Internet Audit Objectives 6 Shared General And Application Controls
Logical Security Data Classification Logical Access Controls: System Access Encryption: Information Access Remote Access, Pcs, And Mobile Devices Information Security Management Change Management Change Management Objectives Program Change Control Patch Management Software Licensing Business Continuity/Disaster Recovery BCP/DRP Defined Business Impact Analysis (BIA) Disaster Recovery Strategy Maintaining The Plan System Development Technologies SDLC, RAD, ERP Purchases Internal Audit Involvement Audit Strategy 7. Database Technology And Controls
Managing Information The Program Centric Model Program Centric Audit Concerns The Data Centric Model What Is A Database? Database Terminology Database Management Systems (DBMS) Types Of Databases Database Audit Concerns 8. Infrastructure General Controls
Operations Controls IT Operations Operating System Controls System Utilities System Software Controls: A Review Physical Security Environmental Controls 9. Business Application Transactions
Objectives Of An Application Audit What Is A Transaction? Transaction Based Application Auditing Transaction Life Cycle Application Risk Assessment Factors Establishing Audit Priorities 10. Top-Down Risk-Based Planning
Planning The Application Audit Top Down, Risk Based Planning Defining The Business Environment Determining The Application’s Technical Environment Performing A Business Information Risk Assessment Identifying Key Transactions Developing A Key Transaction Process Flow Evaluating And Testing Application Controls 11. Data Input And Processing Models
Comparing Pros/Cons Of Input And Processing Models Batch Input/Batch Processing On Line Input/Batch Processing On Line Input/On Line Processing Real Time Input/Real Time Processing 12. Application Controls
Business Applications Information Objectives COSO: Application Controls Business Application Auditing Application Transaction Life Cycle Transaction Origination Logical Security Completeness And Accuracy Of Input Completeness And Accuracy Of Processing Completeness And Accuracy Of Output Output Retention And Disposal Data File Controls User Review, Balancing, Reconciliation End User Documentation Training Segregation Of Duties Business Continuity Planning Sarbanes Oxley Application Control Requirements 13. Testing Application Controls
Testing Automated And Manual Controls Testing Alternatives Testing Sample Size Sampling Terminology Negative Assurance Testing Types Of Audit Evidence Functional/Substantive Testing Computer Assisted Audit Techniques (Caats) Data Analysis: Planning And Data Verification Sarbanes Oxley: Testing Requirements And Examples 14. Documenting Application Controls
Evaluating And Documenting Internal Controls Internal Control Questionnaires Narratives Flowcharts / Process Flows Control Matrix 15. End-User Computing
Growth Of End User Computing End User Computing Risks General IT Control Risks Change Control Risks Purchased Applications Risks Spreadsheets: Typical Errors Spreadsheet Risk Factors Practical Steps For Evaluating Spreadsheet Controls
Order:
IT Audit School
Pricing:$2,063.00
Metropolitan Area:Boston
Venue:Hilton Boston Back Bay 40 Dalton St Boston 770-410-9941
Dates: 8/17/2020 - 08/20/2020 (8:30am - 5:00pm)
Qty: